In a press release published earlier this week, Microsoft confirmed that a misconfigured endpoint was exposing sensitive data about its customers to the wider Internet. The Redmond giant announced on Wednesday that it was notified of the misconfiguration by threat intelligence firm SOCRadar in late September and plugged the hole shortly thereafter.
The language used in the announcement appears to indicate that the data was not accessed by an unauthorized third party: “This misconfiguration has resulted in the possibility of unauthorized access to certain commercial transaction data corresponding to interactions between Microsoft and potential customers.”
The company also stated that these interactions revolve around the planning, potential implementation and provision of Microsoft services.
No viruses involved
“Our investigation found no indication that customer accounts or systems had been compromised. We have notified affected customers directly.”
The announcement also said that the data included customer names, email addresses, contents of emails, company names and phone numbers. The endpoint was also leaking files related to work performed between customers and/or Microsoft and/or authorized partners.
Microsoft confirmed that there were no breaches or malware related to the vulnerabilities – it was just a misconfiguration of the endpoint.
While Microsoft has been relatively stingy on details, SOCRadar was happy to offer more insight. In a new blog post, the threat intelligence firm said the data resides in Azure Blob Storage, and that more than 65,000 entities from 111 countries have been exposed. The oldest files are from 2017.
“On September 24, 2022, the cloud security module embedded in SOCRadar detected an incorrect Azure Blob storage maintained by Microsoft containing sensitive data from a high-profile cloud provider,” said SOCRadar. The data included “Proof of Execution (PoE) and Statement of Work (SoW) documents, user information, product orders/offers, project details, and PII (Personally Identifiable Information) data and documents that may disclose intellectual property.”
Microsoft downplayed SOCRadar’s findings, saying the company had “significantly exaggerated” the scope of the problem and the numbers, Computer reports. It also criticized SOCRadar for indexing data and building a search portal for it, saying the move was “not in the interest of ensuring customers’ privacy or security and potentially exposing them to unnecessary risks.”
A SOCRadar analysis determined that 2.4 terabytes of data were exposed, containing 335,000 email messages, details of 133,000 projects, and 548,000 users.
Via: Computer